On Mon, 20 Apr 2026 15:03:49 GMT, Jorn Vernee <[email protected]> wrote:
> Why do you think `RTLD_DEFAULT` is better? For security. Unneeded libraries might be help to attack by malicious user. (e.g. DLL hijack) > For example, if a symbols is in a library not already loaded by the process. I could not understand this case. If the symbol what the user want to use attempts to be resolved, the library which provides it need to be loaded before. It is same with current semantics on FFM. Exception should be thrown if the symbol was not found in loaded libraries. (`SymbolLookup::findOrThrow`) > Conversely, this could also find extra VM-internal symbols from libraries > that the VM itself links against. Indeed, but this concern already exists because the user can issue `dlsym()` with `RTLD_DEFAULT` from both native code and FFM. ------------- PR Comment: https://git.openjdk.org/jdk/pull/30794#issuecomment-4286074616
